emacs-orgmode@gnu.org archives
From: Ian Barton <lists@manor-farm.org>
To: Emacs Org mode mailing list <emacs-orgmode@gnu.org>
Subject: The Answer to Life the Universe and Caching Your Passwords (it's not,42).
Date: Fri, 11 Mar 2011 17:03:46 +0000
Message-ID: <4D7A55F2.4040801@manor-farm.org>

A light-hearted look at getting Emacs to cache your encryption

Today I decided to try out the git version of gnus. After cloning the
repo and setting my .emacs to load gnus, I was prompted to enter the
details for my various email accounts, currently stored in my
.authinfo file. Gnus then saved these in a .authinfo.gpg file, which
astute readers may realize is a gpg encrypted file. "Good", I thought,
that makes my system a bit more secure. Gnus then prompted me for the
passphrase for my .authinfo.gpg file for each of my accounts. When you
have three or more accounts, repeatedly typing "Richard Stallman has a
very long beard" gets a bit repetitive. Less patient users may change
their password to "gnus", "1234", or some other four-letter word not
suitable for the eyes of emacs org-mode readers.

After perusing various Emacs mailing lists, which had various answers,
many from denizens of this list, I worked out that gnus was using
symmetric encryption.

I added (setq epa-file-cache-passphrase-for-symmetric-encryption t),
but still no joy. Finally I found I needed to add (setenv
"GPG_AGENT_INFO" nil). Joy of joys I only had to type "Richard
Stallman..." once. I went and had a cup of tea.

When I got back I needed to open the org gpg file with all my
passwords. I was prompted for my password. Since I had only opened the
file a few minutes previously and gnupg-agent normally cached my
passwords for a couple of hours, I was surprised. Further
investigation revealed what many readers already know: that setenv
"GPG_AGENT_INFO" nil had disabled gnupg-agent. My password file is
encrypted using public key encryption, not symmetric encryption, so I
couldn't have password caching enabled for both types of encryption. I
had to choose between typing in "Richard Stallman has a very long
beard" or "Wilkesley cows only produce white milk" multiple
times. Deep gloom descended.

Suddenly a ray of sunshine illuminated the problem. What if I could
persuade gnus to use public key encryption? A bit of digging in Emacs
customization revealed I could do something like (setq
auth-source-gpg-encrypt-to (quote ("ABC1234"))), where ABC1234 is the
key I use to encrypt my password file. This means that gnus and org
both use public key encryption and I can now use gnupg-agent. So I
only have to type in "Wilkesley cows only produce white milk" once and
I can both read my email and open my passwords file. Happiness.
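
The message above turns on whether a .gpg file was written with symmetric or public-key encryption. The following is an added example, not part of the original post: a small Python check that reads the leading OpenPGP packet headers of a binary (non-armored) file and reports which kind it carries. The function names and the sample bytes are constructed for illustration; for a real file, pass in the bytes read from it in binary mode.

```python
# Added example: tell symmetric from public-key encryption by reading the
# leading OpenPGP packet headers (RFC 4880, section 4.2). Binary files only.
PKESK, SKESK = 1, 3  # Public-Key / Symmetric-Key Encrypted Session Key tags

def read_header(data, pos):
    """Return (tag, body_start, body_len); body_len is None if not definite."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet (is the file ASCII-armored?)")
    if first & 0x40:  # new-format header: tag in the low 6 bits
        tag, o1 = first & 0x3F, data[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + data[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(data[pos + 2:pos + 6], "big")
        return tag, pos + 2, None  # partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old-format header
    if ltype == 3:
        return tag, pos + 1, None  # indeterminate length
    n = 1 << ltype  # 1, 2 or 4 length octets
    return tag, pos + 1 + n, int.from_bytes(data[pos + 1:pos + 1 + n], "big")

def encryption_kinds(data):
    """Walk the leading session-key packets and report which kinds are present."""
    kinds, pos = set(), 0
    while pos < len(data):
        tag, start, length = read_header(data, pos)
        if tag == PKESK:
            kinds.add("public-key")
        elif tag == SKESK:
            kinds.add("symmetric")
        else:
            break  # reached the encrypted data packet
        if length is None:
            break
        pos = start + length
    return kinds

# Constructed sample bytes (not real ciphertext): a session-key packet
# followed by a stub encrypted-data packet (tag 18).
SYMMETRIC_SAMPLE = bytes([0xC3, 4, 4, 9, 0, 2, 0xD2, 1, 1])
PUBKEY_SAMPLE = bytes([0x84, 13, 3]) + bytes(8) + bytes([1, 0, 1, 1, 0xD2, 1, 1])
```

A result of {"symmetric"} corresponds to the passphrase-prompt situation described for .authinfo.gpg, and {"public-key"} to the password file that gnupg-agent was caching.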

